Lucene search
+L

336 matches found

nvd
nvd
added 2022/08/25 11:15 p.m.43 views

CVE-2022-31499

Nortek Linear eMerge E3-Series devices before 0.32-08f allow an unauthenticated attacker to inject OS commands via ReaderNo. NOTE: this issue exists because of an incomplete fix for CVE-2019-7256...

9.8CVSS0.64589EPSS
Exploits3References3
attackerkb
attackerkb
added 2022/08/25 11:15 p.m.5 views

CVE-2022-31798

Nortek Linear eMerge E3-Series 0.32-07p devices are vulnerable to /cardscan.php?CardFormatNo= XSS with session fixation via PHPSESSID when they are chained together. This would allow an attacker to take over an admin account or a user account...

6.1CVSS5.4AI score0.06652EPSS
Exploits2References5
nvd
nvd
added 2022/08/25 11:15 p.m.44 views

CVE-2022-31798

Nortek Linear eMerge E3-Series 0.32-07p devices are vulnerable to /cardscan.php?CardFormatNo= XSS with session fixation via PHPSESSID when they are chained together. This would allow an attacker to take over an admin account or a user account...

6.1CVSS0.06652EPSS
Exploits2References3
prion
prion
added 2022/08/25 11:15 p.m.37 views

Design/Logic Flaw

Nortek Linear eMerge E3-Series devices before 0.32-08f allow an unauthenticated attacker to inject OS commands via ReaderNo. NOTE: this issue exists because of an incomplete fix for CVE-2019-7256...

7.5CVSS9.6AI score0.97136EPSS
Exploits19References3Affected Software1
prion
prion
added 2022/08/25 11:15 p.m.17 views

Session fixation

Nortek Linear eMerge E3-Series 0.32-07p devices are vulnerable to /cardscan.php?CardFormatNo= XSS with session fixation via PHPSESSID when they are chained together. This would allow an attacker to take over an admin account or a user account...

5.8CVSS5.9AI score0.06652EPSS
Exploits2References3Affected Software1
cve
cve
added 2022/08/25 10:15 p.m.96 views

CVE-2022-31798

Nortek Linear eMerge E3-Series 0.32-07p is affected by CVE-2022-31798: an XSS vulnerability combined with local session fixation via the PHPSESSID when devices are chained, enabling account takeover of admin or lower-privileged users. The issue arises at the /card_scan.php?CardFormatNo= endpoint....

6.1CVSS6AI score0.06652EPSS
Exploits2References3Affected Software1
cvelist
cvelist
added 2022/08/25 10:15 p.m.47 views

CVE-2022-31798

Nortek Linear eMerge E3-Series 0.32-07p devices are vulnerable to /cardscan.php?CardFormatNo= XSS with session fixation via PHPSESSID when they are chained together. This would allow an attacker to take over an admin account or a user account...

6.2AI score0.06652EPSS
Exploits2References3
osv
osv
added 2022/08/25 10:15 p.m.7 views

CVE-2022-31269

Nortek Linear eMerge E3-Series devices through 0.32-09c place admin credentials in /test.txt that allow an attacker to open a building's doors. This occurs in situations where the CVE-2019-7271 default credentials have been changed...

8.2CVSS5.8AI score0.05055EPSS
Exploits3References4
attackerkb
attackerkb
added 2022/08/25 10:15 p.m.6 views

CVE-2022-31269

Nortek Linear eMerge E3-Series devices through 0.32-09c place admin credentials in /test.txt that allow an attacker to open a building's doors. This occurs in situations where the CVE-2019-7271 default credentials have been changed...

9.8CVSS7.3AI score0.05055EPSS
Exploits3References6
cve
cve
added 2022/08/25 10:9 p.m.105 views

CVE-2022-31499

CVE-2022-31499 affects Nortek Linear eMerge E3-Series devices prior to version 0.32-08f, where an unauthenticated attacker can inject OS commands via ReaderNo. This extends an earlier issue from CVE-2019-7256 (incomplete fix leading to OS command injection). Public materials from Exploit-DB and C...

9.8CVSS9.6AI score0.64589EPSS
Exploits3References3Affected Software1
cvelist
cvelist
added 2022/08/25 10:9 p.m.41 views

CVE-2022-31499

Nortek Linear eMerge E3-Series devices before 0.32-08f allow an unauthenticated attacker to inject OS commands via ReaderNo. NOTE: this issue exists because of an incomplete fix for CVE-2019-7256...

9.9AI score0.64589EPSS
Exploits3References3
cve
cve
added 2022/08/25 9:59 p.m.141 views

CVE-2022-31269

Linear eMerge E3-Series devices are affected by CVE-2022-31269. Admin credentials are stored in clear text at the endpoint /test.txt (when default credentials have been changed), allowing an attacker to obtain admin credentials and access the admin dashboard to control doors, cameras, and related...

8.2CVSS8.1AI score0.05055EPSS
Exploits3References4Affected Software1
cvelist
cvelist
added 2022/08/25 9:59 p.m.52 views

CVE-2022-31269

Nortek Linear eMerge E3-Series devices through 0.32-09c place admin credentials in /test.txt that allow an attacker to open a building's doors. This occurs in situations where the CVE-2019-7271 default credentials have been changed...

8.5AI score0.05055EPSS
Exploits3References4
ptsecurity
ptsecurity
added 2022/08/25 12:0 a.m.10 views

PT-2022-20657 · Nortek Linear · Emerge E3-Series

Name of the Vulnerable Software and Affected Versions: Nortek Linear eMerge E3-Series devices versions 0.32-09c and earlier Description: The issue allows an attacker to obtain admin credentials stored in /test.txt, which can be used to open a building's doors. This occurs even when default...

8.2CVSS8.7AI score0.05055EPSS
Exploits3References6
zdt
zdt
added 2022/08/08 12:0 a.m.344 views

Nortek Linear eMerge E3-Series Account Takeover XSS Vulnerability

Nortek Linear eMerge E3-Series version 0.32-07p suffers from a vulnerability where session fixation tied with cross site scripting can allow for account takeover. Exploit Title: Nortek Linear eMerge E3-Series - Account Take Over Exploit Author: Omar Hashim Version: 0.32-07p Vendor home page:...

6.1CVSS6.2AI score0.06652EPSS
Exploits2
packetstorm
packetstorm
added 2022/08/08 12:0 a.m.289 views

Nortek Linear eMerge E3-Series Account Takeover

Exploit Title: Nortek Linear eMerge E3-Series - Account Take Over Exploit Author: Omar Hashim Version: 0.32-07p Vendor home page: https://www.nortekcontrol.com/access-control/ Vendor home page: https://linear-solutions.com/ Authentication Required: No CVE: CVE-2022-31798 Description...

0.1AI score0.06652EPSS
Exploits2
cnnvd
cnnvd
added 2022/08/08 12:0 a.m.62 views

Nortek Control Linear eMerge E3-Series 信任管理问题漏洞

The Nortek Control Linear eMerge E3-Series is an access control from Nortek Control USA. It allows you to specify which doors a person can use to enter and exit a specified location at a specified time. A security vulnerability exists in the Nortek Control Linear eMerge E3-Series, which stems fro...

8.2CVSS8.1AI score0.05055EPSS
Exploits3References6
packetstorm
packetstorm
added 2022/08/08 12:0 a.m.350 views

Nortek Linear eMerge E3-Series Credential Disclosure

Exploit Title: Nortek Linear eMerge E3-Series - Information Disclosure lead to access admin dashboard Exploit Author: Omar Hashim Version: 0.32-07p,0.32-07e,0.32-07p,0.32-08f,0.32-09c Vendor home page : https://www.nortekcontrol.com/access-control/ Vendor home page : https://linear-solutions.com/...

8.3AI score0.05055EPSS
Exploits3
cnnvd
cnnvd
added 2022/08/08 12:0 a.m.4 views

Nortek Control Linear eMerge E3-Series 授权问题漏洞

The Nortek Control Linear eMerge E3-Series is an access control from Nortek Control USA. It allows you to specify which doors a person can use to enter and exit a specified location at a specified time. An authorization issue vulnerability exists in Nortek Control Linear eMerge E3-Series version...

6.1CVSS5.8AI score0.06652EPSS
Exploits2References5
zdt
zdt
added 2022/08/08 12:0 a.m.387 views

Nortek Linear eMerge E3-Series Command Injection Vulnerability

Exploit Title: Nortek Linear eMerge E3-Series - Blind OS Command Injection Exploit Author: Omar Hashim Version: 0.32-09c Vendor home page: https://www.nortekcontrol.com/access-control/ Vendor home page: https://linear-solutions.com/ Authentication Required: No CVE: CVE-2022-31499 POC:...

9.8CVSS0.4AI score0.64589EPSS
Exploits3
Rows per page
Query Builder